fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers

Check logs Sprint 8.4 week 2 #3623

Closed hcaofec closed 5 years ago

hcaofec commented 5 years ago

Log review needs to be completed for Sprint 8.3 (week 2) per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

qqss88 commented 5 years ago

Vulnerabilities found this week:

OPENFEC: Total 2

  1. data/flyway/build.gradle: HIGH, details here: https://app.snyk.io/org/fecgov/project/e6c155e9-f0ac-4a49-98fa-83c24f5b74b3/
     Added a new ticket here: https://github.com/fecgov/openFEC/issues/3654
  2. requirements.txt: Race Condition, medium. Vulnerable module: webargs. Introduced through: webargs@0.18.0 and flask-apispec@0.7.0 (https://github.com/fecgov/openFEC/issues/3642)

FEC-EREGS: Total 1

  1. requirements.txt: Race Condition, medium. Vulnerable module: webargs. Introduced through: regcore@4.2.0 and webargs@1.8.1 (https://github.com/fecgov/fec-eregs/issues/435)

FEC-PATTERN-LIBRARY: None

FEC-CMS: Total 3

  1. package.json: Denial of Service (DoS). Vulnerable module: mem. Introduced through: npm@6.8.0
  2. requirements.txt: Content Spoofing, MEDIUM (Due 3/10/2019 - needs milestone) (fecgov/fec-cms#2624)
  3. requirements.txt: Uncontrolled Memory Consumption, MEDIUM (fecgov/fec-cms#2691)

Account approvals:

One open issue - Add Erik Burgess to fecgov org (https://github.com/18F/fec-accounts/issues/162)

There are existing open issues, need to revisit them and/or close. (https://github.com/18F/fec-accounts/issues)

Search logs: one user added to cms image (for @rfultz to access wagtail, refer to onboard ticket https://github.com/fecgov/fec-accounts/issues/155, this ticket can be closed now)

Cloud.gov Dashboard: 9 deployer accounts, same as last week.

JonellaCulmer commented 5 years ago

@qqss88 Did you reference the correct onboarding ticket in the above comment? It doesn't look like an onboarding ticket.

qqss88 commented 5 years ago

@JonellaCulmer Sorry I copied the wrong link - correction done.